H3C SR6600 Fundamentals Configuration Manual page 81

To do...
Specify the scheme
authentication mode
Enable command
authorization
Enable command
accounting
Exit to system view
Enter the
Configure
default ISP
the
domain view
authentic
Use the command...
authentication-mode scheme
command authorization
command accounting
quit
domain domain-name
3-70
Remarks
Required
Whether local, RADIUS, or
HWTACACS authentication is
adopted depends on the configured
AAA scheme.
By default, the modem login
authentication mode of the device is
password.
Optional
By default,
authorization is not enabled.
By default, command level for a
login user depends on the user
privilege level. The user is
authorized the command with the
default level not higher than the
user privilege level. With the
command authorization
configured, the command level
for a login user is determined by
both the user privilege level and
AAA authorization. If a user
executes a command of the
corresponding command level,
the authorization server checks
whether the command
authorized. If yes, the command
can be executed.
Optional
By default, command accounting
is disabled. The
server does not record the
commands executed by users.
Command accounting allows the
HWTACACS server to record all
executed commands that are
supported by the
regardless of the
execution result.
control and monitor
operations on the device. If
command accounting is enabled
and command authorization is
not enabled, every executed
command is recorded on the
HWTACACS server.
command accounting
command authorization
enabled, only the authorized and
executed commands
recorded on the HWTACACS
server.
—
Optional
By default, the AAA scheme is local.
command
is
accounting
device,
command
This helps
user
If both
and
are
are